Hi, I created a Syslog Parser to detect storms in the network.
When I create my test, I get the event:
TimeStamp date ... source ... severity Critical ... Facility Local7 ... Host name ... tag ... @SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/14 ....
In the Log Parser I created the rule:
Matching regular expression : *BLOCK_BPDUGUARD*
Severity : Critical
And I generate an alert.
Is it possible to forward all the content of the syslog message to the alert or email?
Thanks in advance for your help!
You can send parameters to the event from the Syslog Parser using standard regex capture groups.
For example, the regex
.*SPANTREE-2-BLOCK_BPDUGUARD: (.*)
would send the rest of the message (what gets captured inside the brackets) to the event.
Configure the parameters to 1, and handle the rest in EPP/action.
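
An added example, not part of the original thread, showing what the capture group hands to the event for the message quoted in the question. It assumes Python's `re` module as a stand-in for the parser's regex engine; `PORT_RULE` and the function names are hypothetical, and the sample message is constructed from the text visible in the question.

```python
import re

# Constructed sample: only the message text visible in the question.
MESSAGE = "@SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/14"

ORIGINAL_RULE = "*BLOCK_BPDUGUARD*"                    # glob-style rule from the question
CAPTURE_RULE = r".*SPANTREE-2-BLOCK_BPDUGUARD: (.*)"   # rule from the answer
# Hypothetical extension: group 1 is still the full text, group 2 is the port.
PORT_RULE = r".*SPANTREE-2-BLOCK_BPDUGUARD: (Received BPDU on port (\S+).*)"


def is_valid_regex(rule):
    """True if the rule compiles as a regular expression."""
    try:
        re.compile(rule)
        return True
    except re.error:
        return False


def event_parameters(rule, message):
    """Return the capture groups in order (parameter 1 first).

    An empty list means the rule did not match or has no capture groups,
    so the event would receive nothing from the message.
    """
    match = re.search(rule, message)
    return list(match.groups()) if match else []


if __name__ == "__main__":
    # A leading '*' has nothing to repeat, so this is not a valid regex here.
    print("original rule valid:", is_valid_regex(ORIGINAL_RULE))
    print("answer rule    ->", event_parameters(CAPTURE_RULE, MESSAGE))
    print("port rule      ->", event_parameters(PORT_RULE, MESSAGE))
    # A rule without brackets matches but passes no parameters on.
    print("no groups      ->", event_parameters(r".*BLOCK_BPDUGUARD.*", MESSAGE))
```

With the second rule, parameter 1 carries the whole message text for the alert body and parameter 2 carries only the port name, which is convenient for the alert subject.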